Hi all,
I'm trying to deploy a scenario where I have an openser as a sip proxy (taking care of registrations) in front of an asterisk (to handle pstn call routing/billing/etc).
Both openser and asterisk authenticate users on the same database, and I'm able to register a UA on both.
The problem is when I try to relay calls from openser to asterisk. I always get the following error: SIP/2.0 407 Proxy Authentication Required
What am I missing here?
My openser.cfg is the following:
debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E)
# Uncomment these lines to enter debugging mode #fork=no log_stderror=yes
listen=192.168.64.102 sip_warning=no
#advertised_address=192.168.1.102
reply_to_via=no check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/xlog.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so"
# -- usrloc params -- # Flush every 60 sec modparam("usrloc", "db_mode", 0)
# -- auth params -- modparam("auth_db", "db_url", "XXX") modparam("auth_db", "user_column", "accountcode") #modparam("auth_db", "domain_column", "accountcode") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "secret")
# -- replication auth param -- modparam("auth", "secret", "mysecret")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); return; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); return; };
force_rport(); fix_nated_contact();
if(uri == myself) { if(method == "REGISTER") { # Make sure they are a valid user on our proxy if(!www_authorize("", "astaccount")) { xlog("L_INFO", "Req Auth For %ct, URI = %ru\n"); www_challenge("", "1"); return; };
xlog("L_INFO", "Registered Contact %ct, URI = %ru\n"); save("location");
return; }; };
record_route();
# ------------------------------------------------------------------
# loose-route processing if(loose_route()) { xlog("L_INFO", "loose_route(): Looking up %rm URI %ru from %is\n"); lookup("location"); xlog("L_INFO", "loose_route(): t_relay() %rm to URI %ru\n"); t_relay(); return; };
if(method == "INVITE") {
# Assume it came from one of our VoIP phones, all routing is done by Asterisk xlog("L_INFO", "%rm came from a VoIP phone (%is), attempting to authorize %fu\n");
# Make sure they are a valid user on our proxy if (!www_authorize("", "astaccount")) { www_challenge("", "0"); xlog("L_INFO", "Failed to authorize %fu (%is)\n"); return; };
# Found a match, this is going to a VoIP phone xlog("L_INFO", "Auth OK, sending URI %ru to Asterisk for routing\n"); rewritehostport("192.168.64.103:5060");
xlog("L_INFO", "INVITE New URI = %ru, t_relay()ing now\n"); t_relay(); # forward(uri:host, uri:port); return; };
# ------------------------------------------------------------------
# forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP lookup("location"); xlog("L_INFO", "Default t_relay() (method = %rm, URI = %ru, >From = %is)\n"); if(!t_relay()) { xlog("L_INFO", "Failed sending requesting %rm URI (%ru)\n"); sl_reply_error(); }; }
Thanks for your help
You have a proxy authorize block in your INVITE block, which will require the client to send auth credentials. If it doesn't, it gets that error (which usually is a signal to the client to then go ahead and send the credentials).
On Thu, 25 May 2006 19:43:46 +0100, Edgar Barbosa wrote
Hi all,
I'm trying to deploy a scenario where I have an openser as a sip proxy (taking care of registrations) in front of an asterisk (to handle pstn call routing/billing/etc).
Both openser and asterisk authenticate users on the same database, and I'm able to register a UA on both.
The problem is when I try to relay calls from openser to asterisk. I always get the following error: SIP/2.0 407 Proxy Authentication Required
What am I missing here?
My openser.cfg is the following:
debug=3 # debug level (cmd line: -dddddddddd) fork=yes #log_stderror=no # (cmd line: -E)
# Uncomment these lines to enter debugging mode #fork=no log_stderror=yes
listen=192.168.64.102 sip_warning=no
#advertised_address=192.168.1.102
reply_to_via=no check_via=no # (cmd. line: -v) dns=no # (cmd. line: -r) rev_dns=no # (cmd. line: -R) port=5060 children=4 fifo="/tmp/ser_fifo"
# ------------------ module loading ----------------------------------
# Uncomment this if you want to use SQL database loadmodule "/usr/lib/openser/modules/mysql.so"
loadmodule "/usr/lib/openser/modules/sl.so" loadmodule "/usr/lib/openser/modules/tm.so" loadmodule "/usr/lib/openser/modules/rr.so" loadmodule "/usr/lib/openser/modules/maxfwd.so" loadmodule "/usr/lib/openser/modules/usrloc.so" loadmodule "/usr/lib/openser/modules/registrar.so" loadmodule "/usr/lib/openser/modules/nathelper.so" loadmodule "/usr/lib/openser/modules/textops.so" loadmodule "/usr/lib/openser/modules/xlog.so" loadmodule "/usr/lib/openser/modules/auth.so" loadmodule "/usr/lib/openser/modules/auth_db.so"
# -- usrloc params -- # Flush every 60 sec modparam("usrloc", "db_mode", 0)
# -- auth params -- modparam("auth_db", "db_url", "XXX") modparam("auth_db", "user_column", "accountcode") #modparam("auth_db", "domain_column", "accountcode") modparam("auth_db", "calculate_ha1", 1) modparam("auth_db", "password_column", "secret")
# -- replication auth param -- modparam("auth", "secret", "mysecret")
# -- rr params -- # add value to ;lr param to make some broken UAs happy modparam("rr", "enable_full_lr", 1)
route{
# initial sanity checks -- messages with # max_forwards==0, or excessively long requests if (!mf_process_maxfwd_header("10")) { sl_send_reply("483","Too Many Hops"); return; }; if ( msg:len > max_len ) { sl_send_reply("513", "Message too big"); return; }; force_rport(); fix_nated_contact(); if(uri == myself) { if(method == "REGISTER") { # Make sure they are a valid user on ourproxy if(!www_authorize("", "astaccount")) { xlog("L_INFO", "Req Auth For %ct, URI = %ru\n"); www_challenge("", "1"); return; };
xlog("L_INFO", "Registered Contact %ct, URI= %ru\n"); save("location");
return; }; }; record_route(); # -----------------------------------------------------------
# loose-route processing if(loose_route()) { xlog("L_INFO", "loose_route(): Looking up %rm URI%ru from %is\n"); lookup("location"); xlog("L_INFO", "loose_route(): t_relay() %rm to URI %ru\n"); t_relay(); return; };
if(method == "INVITE") { # Assume it came from one of our VoIP phones, allrouting is done by Asterisk xlog("L_INFO", "%rm came from a VoIP phone (%is), attempting to authorize %fu\n");
# Make sure they are a valid user on ourproxy if (!www_authorize("", "astaccount")) { www_challenge("", "0"); xlog("L_INFO", "Failed to authorize %fu (%is)\n"); return; };
# Found a match, this is going to a VoIPphone xlog("L_INFO", "Auth OK, sending URI %ru to Asterisk for routing\n"); rewritehostport("192.168.64.103:5060");
xlog("L_INFO", "INVITE New URI = %ru, t_relay()ingnow\n"); t_relay(); # forward(uri:host, uri:port); return; };
# -----------------------------------------------------------
# forward to current uri now; use stateful forwarding; that # works reliably even if we forward from TCP to UDP lookup("location"); xlog("L_INFO", "Default t_relay() (method = %rm, URI = %ru,From = %is)\n"); if(!t_relay()) {
xlog("L_INFO", "Failed sending requesting %rm URI (%ru)\n"); sl_reply_error(); }; }
Thanks for your help
Serusers mailing list Serusers@lists.iptel.org http://lists.iptel.org/mailman/listinfo/serusers
-
Edgar Barbosa -
sip